Netgate SG-1000 microFirewall

Author Topic: Assign Interface at the CLI/Script  (Read 212 times)

0 Members and 1 Guest are viewing this topic.

Offline jukebox

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
Assign Interface at the CLI/Script
« on: December 28, 2017, 05:07:53 am »
Hi All,

Appreciate that i am new here and was hoping for some help with something that has been bugging me for some time, all help much appreciated.

I'm new here but have been using pfSense for quite a few years at home and in production environments. I use a VPN provider at home and have everything setup perfectly except one point. I have 3 separate VPN client tunnels setup and wish to regularly rotate amongst them, at the moment i achieve this by changing my VPN Interface assignment to the next OVPN Port on the list then restarting the OVPN service, this works but i was looking to write something to automate it via a script/cron job. No issues with the scripting of the OVPN service restart but i cannot find anyway of non-interactively assigning a port to an interface. Is anyone able to enlighten me with regards to this please?

P.s. Version is latest - 2.4.2-RELEASE-p1

Thanks In Advance
Jamie

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21739
  • Karma: +1503/-26
    • View Profile
Re: Assign Interface at the CLI/Script
« Reply #1 on: December 28, 2017, 09:55:05 am »
That sounds like a very ... inefficient ... way to get that done.

Why do you need to reassign the interface? Configure and assign all three and then use a gateway group with all of them to designate which one(s) to use at any given time. You can even load balance across them so connections can use them all.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline jukebox

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
Re: Assign Interface at the CLI/Script
« Reply #2 on: December 28, 2017, 04:14:35 pm »
Thanks Jimp, never thought of that, will give it a go and report back. Many thanks for the assist.

Offline jukebox

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
Re: Assign Interface at the CLI/Script
« Reply #3 on: December 29, 2017, 08:09:54 am »
So just gave this a whirl and just wanted to make sure i've not missed anything:

1. Rename VPN interface to VPN1.
2. Assign VPN Ports 2 & 3 to VPN2 & VPN3 Interfaces.
3. Configure all 3 GW Monitor IP's to external ones.
4. Add all three to a GW Group assigning them all to Tier1 (thus should Load Balance them then?).
5. Update relevant FW rules to use the GW Group instead of the original one.
6. Added additional Outboud NAT rules for the additional 2 VPN interfaces.
7. Enable Sticky connections (not sure whether this is 100% required but from reading the description it seemed like a good idea).

Again guys, the help is much appreciated.
« Last Edit: December 29, 2017, 08:20:09 am by jukebox »

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21739
  • Karma: +1503/-26
    • View Profile
Re: Assign Interface at the CLI/Script
« Reply #4 on: January 03, 2018, 02:16:59 pm »
1-3 Yes
4 - Yes, all on the same tier will load balance connections
5-6 Yes
7 That's up to you, that may make the balancing a bit lopsided if you have certain heavy use clients but it's the best way to ensure multiple connections flow consistently.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!